Docs

Authentication

We use Docker Registry v2 token authentication. Your auth header is sent to our auth-service which validates against the NoackHub API. We sign a JWT that the registry accepts.

Login

docker login images.noackhosting.net -u YOUR_USERNAME
# password: your regular NoackHub password

Logout

docker logout images.noackhosting.net

Push

You can only push to your own namespace (matches your username). Attempts to push to other namespaces return 403.

docker build -t myapp:v1 .
docker tag myapp:v1 images.noackhosting.net/USER/myapp:v1
docker push images.noackhosting.net/USER/myapp:v1

Multi-arch via buildx

docker buildx build --platform linux/amd64,linux/arm64 \
  -t images.noackhosting.net/USER/myapp:v1 --push .

Pull

Pull requires auth (private images). Pull from your own namespace plus any images that have been shared with you.

docker pull images.noackhosting.net/USER/myapp:v1

CI/CD integration

In your NoackHub Actions workflows:

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: docker login images.noackhosting.net -u ${{ secrets.REG_USER }} -p ${{ secrets.REG_PASS }}
      - run: docker build -t images.noackhosting.net/${{ secrets.REG_USER }}/app:${{ github.sha }} .
      - run: docker push images.noackhosting.net/${{ secrets.REG_USER }}/app:${{ github.sha }}

List repos / tags

# List all repos (admin only):
curl -s https://images.noackhosting.net/api/catalog | jq

# List tags for a repo:
curl -s https://images.noackhosting.net/api/tags/USER/myapp | jq

# Direct v2 API:
curl -s -u USER:PASS https://images.noackhosting.net/v2/_catalog
curl -s -u USER:PASS https://images.noackhosting.net/v2/USER/myapp/tags/list

MVP limitations

• Image deletion via the API is supported, but there is no GC cronjob — unreferenced layers fill up the disk.
• Private images only — no public namespace yet.
• No per-user quota yet.